As your dedicated cybersecurity services provider, Cyberone equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.
Weekly Cybersecurity Report | Week 12, 2025
Information security updates and events from the past week
1 – Huge leak at Pennsylvania Teachers Association: Sensitive information of more than 500,000 people exposed
The Pennsylvania State Education Association (PSEA) has revealed that a security incident led to the leak of sensitive personal information of more than half a million people, including financial details and health information.
Scope of the breach:
– 517,487 people affected according to the Maine Attorney General’s Office
– The organization represents more than 178,000 educators in the state of Pennsylvania
Information exposed:
– Full names and dates of birth
– Driver’s license and ID numbers
– Social Security numbers (SSN)
– Bank account and credit card details
– PIN codes and passwords
– Passport and taxpayer ID numbers
– Health insurance information and medical records
2 – HCA Healthcare, a network of 186 hospitals, has apparently been hit by a cyberattack
The attack group Babuk claims to have breached the systems of HCA Healthcare, one of the largest healthcare providers in the United States.
Details of the incident:
– The Babuk group claims that emails, session IDs, and other data were exposed
– It is still not clear whether information has already been leaked or whether the company has suffered significant damage
3 – Large-Scale Cyberattack: Over 100 Car Dealerships Affected by Video Service Provider Hack
Security researchers this week uncovered a sophisticated cyberattack that affected more than 100 car dealerships across the U.S. The attackers exploited a security flaw in LES Automotive, a popular video platform in the automotive industry, to distribute malware to visitors to the dealerships’ websites.
Stages of the Attack:
– The attackers first infiltrated the LES Automotive systems, a video service provider for car dealerships
– Through the already compromised platform, malicious code was injected into the websites of all dealerships using the service
– The attack used a fraudulent technique called ClickFix to distribute the SectopRAT spyware
– Security researcher Randy McEwen detected clues that the attackers are likely Russian speakers
How the ClickFix scam works:
– The user sees a fake window asking for human verification or fixing an error on the website
– When the button is clicked, a malicious command is secretly copied to the computer’s clipboard
– The user is instructed to open the Windows “Run” menu
– The instructions prompt the user to paste and run the malicious command, which installs the spyware
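One way a defender can triage the paste-and-run step described above, as an added example that is not part of the original report: Windows records commands entered in the Run dialog under the per-user RunMRU registry key, and the Python below scores such history strings. The patterns, the threshold and the sample entries are constructed assumptions.

```python
import re

# Heuristics for commands pasted into the Windows "Run" dialog by a ClickFix lure.
# The patterns and threshold are assumptions of this example, not from the report.
INTERPRETER = re.compile(
    r"\b(powershell|pwsh|mshta|cmd|curl|msiexec|rundll32|wscript|cscript)\b", re.I)
REMOTE = re.compile(r"https?://|^\\\\[\w.-]+\\", re.I)
HIDDEN = re.compile(r"-w\w*\s+h\w*|-e\w*\s+[A-Za-z0-9+/=]{20,}", re.I)
LURE = re.compile(r"#.*(robot|captcha|verif|human)", re.I)

CHECKS = [
    (INTERPRETER, "names a script-capable program"),
    (REMOTE, "references a remote location"),
    (HIDDEN, "hidden window or encoded argument"),
    (LURE, "verification wording inside the command"),
]

def score_run_entry(command):
    """Return (score, reasons) for one Run-dialog history string."""
    # RunMRU values carry a trailing "\1" marker; drop it before matching.
    cmd = command[:-2] if command.endswith("\\1") else command
    reasons = [why for pattern, why in CHECKS if pattern.search(cmd)]
    return len(reasons), reasons

def triage(entries, threshold=2):
    """Return (entry, reasons) for entries matching at least `threshold` checks."""
    flagged = []
    for entry in entries:
        score, reasons = score_run_entry(entry)
        if score >= threshold:
            flagged.append((entry, reasons))
    return flagged

# Constructed Run-dialog history; the last entry imitates a ClickFix paste with
# a placeholder instead of a working payload and a reserved .invalid host.
SAMPLES = [
    "notepad\\1",
    "cmd\\1",
    "\\\\fileserver\\share\\1",
    'powershell -w hidden -c "[placeholder] https://example.invalid/x" '
    "# Verify you are human\\1",
]

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLES):
        print("SUSPICIOUS:", entry, "->", "; ".join(reasons))
```

A single match, such as an administrator typing `cmd` or a UNC path, stays below the threshold; only entries that combine several traits are flagged.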
A worrying trend:
– The ClickFix technique is gaining popularity among attack groups
– In October 2024, US authorities warned of Russian attackers using this method
– Microsoft recently identified similar attacks targeting the hotel and tourism industry
– Experts expect a further increase in such attacks during 2025
4 – Security researchers identify vulnerabilities in Chinese car manufacturer affecting hundreds of thousands of vehicles
Several security vulnerabilities were found in the car manufacturer’s products. Yinji Cao, a Chinese security researcher, and Xinfeng Chen will present their findings at the upcoming Black Hat Asia conference, demonstrating effective research methods without the need for expensive equipment.
Security vulnerabilities that allow remote control:
– Researchers have found vulnerabilities in two different car models from the Chinese manufacturer
– The vulnerabilities allow remote control of the car after a Man-in-the-Middle attack is carried out
– The first vulnerability is in the infotainment system (IVI) and allows code execution
– The second vulnerability exists in the car app.
Impact of the breaches:
– Researchers were able to control various functions in the vehicle, including the doors, trunk, windows and headlights
– Using the vulnerability in the app, they were able to intercept all traffic and obtain a token that allows full remote control
– The attacks carried out are “beginner level” according to the researchers, and can be carried out by anyone with basic cyber knowledge
Cybersecurity in the automotive industry:
– Many car companies still lag in the area of cybersecurity for their products
– A study by Synopsys and SAE International found that typical automotive organizations have only nine full-time employees focused on managing information security and cybersecurity for their products
– 30% of respondents reported that they do not have any security staff in their organization
– Organizations that do operate security programs test less than half of the hardware, software and other technologies included in their vehicles
5 – California Cryobank, one of the world’s largest sperm banks, reports a security breach that led to the exposure of sensitive customer information.
The breach occurred when attackers were able to access the company’s systems and steal personal data, including names, Social Security numbers, driver’s license numbers, financial account details and health insurance information.
The company recently began notifying victims and offering them free credit monitoring services.
At the same time, law firms have already begun exploring the possibility of filing class action lawsuits over the sensitive data leak.
6 – Elite Plastic Surgery in Michigan experienced a cyberattack, affecting nearly 20,000 patients.
The information exposed included names, dates of birth, Social Security numbers and health insurance information.
Although there is no evidence of misuse of the information, those affected received free credit monitoring and identity theft protection services.
The cybersecurity attacks highlighted in this report aren’t just incidents, they’re blueprints of the adversary’s arsenal. To protect your business you need the right partner. Cyberone is here to help! Check out our services.